From dd5f816942179e61fa38db3036ffb0d4f92477eb Mon Sep 17 00:00:00 2001 From: Arnob Kumar Saha Date: Wed, 1 Jul 2026 09:07:35 +0600 Subject: [PATCH] Emit path-based NATS address for Gateway installs The platform config gated the path-based NATS endpoints (EXTERNAL_ADDR nats://:4222, WEBSOCKET_ADDR wss:///nats) behind ingress-nginx being enabled. Gateway-based installs fell into the else branch, which emits the subdomain form wss://nats.. For deployments where global.platform.host is an IP (self-hosted, DNS-less), wss://nats. is unresolvable and not covered by the gateway cert SANs, so the audit/site-info NATS client can never connect. The Gateway already provisions an HTTPRoute matching PathPrefix /nats -> -nats:443, i.e. the path-based endpoint. Take the path-based branch when either ingress-nginx or the gateway is enabled. Signed-off-by: Arnob Kumar Saha --- charts/ace/templates/platform/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/ace/templates/platform/config.yaml b/charts/ace/templates/platform/config.yaml index df701a275..744de1c43 100644 --- a/charts/ace/templates/platform/config.yaml +++ b/charts/ace/templates/platform/config.yaml @@ -118,7 +118,7 @@ stringData: ADMIN_USER_CREDS = {{ .Values.settings.nats.mountPath }}/admin.creds INCLUSTER_ADDR = nats://{{ include "ace.fullname" . }}-nats.{{ .Release.Namespace }}.svc:4222 - {{- if (and (index .Values "ingress-nginx" "enabled") (and .Values.nats.enabled (not .Values.nats.nats.externalAccess))) }} + {{- if (and (or (index .Values "ingress-nginx" "enabled") .Values.gateway.enabled) (and .Values.nats.enabled (not .Values.nats.nats.externalAccess))) }} EXTERNAL_ADDR = nats://{{ .Values.global.platform.host }}:4222 WEBSOCKET_ADDR = wss://{{ .Values.global.platform.host }}/nats {{- else }}